From d761d9d358b7db43d8b2368cb21324dfa8200662 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Mon, 28 Jul 2025 20:56:42 +0200
Subject: [PATCH] pkg/rootless: move to daemon/internal

This package is used internally by the daemon, and was only used out
side of the daemon by pkg/plugins (for which we still need to look
where it should be kept).

Making it internal because it's trivial to implement if needed by
anyone. The only reason it's a package is to keep it central, and
to make it easier to discover where we have rootlesskit-specific
codepaths in our codebase.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 daemon/command/daemon.go                      | 2 +-
 daemon/command/docker.go                      | 2 +-
 daemon/config/config_linux.go                 | 2 +-
 daemon/info_unix.go                           | 2 +-
 {pkg => daemon/internal}/rootless/rootless.go | 0
 daemon/libnetwork/iptables/iptables.go        | 2 +-
 pkg/plugins/discovery_unix.go                 | 5 +++--
 7 files changed, 8 insertions(+), 7 deletions(-)
 rename {pkg => daemon/internal}/rootless/rootless.go (100%)

diff --git a/daemon/command/daemon.go b/daemon/command/daemon.go
index df7f4efac6..d9631ebe96 100644
--- a/daemon/command/daemon.go
+++ b/daemon/command/daemon.go
@@ -29,6 +29,7 @@ import (
 	"github.com/docker/docker/daemon/internal/builder-next/exporter"
 	"github.com/docker/docker/daemon/internal/libcontainerd/supervisor"
 	"github.com/docker/docker/daemon/internal/otelutil"
+	"github.com/docker/docker/daemon/internal/rootless"
 	"github.com/docker/docker/daemon/listeners"
 	dopts "github.com/docker/docker/daemon/pkg/opts"
 	"github.com/docker/docker/daemon/pkg/plugin"
@@ -53,7 +54,6 @@ import (
 	"github.com/docker/docker/pkg/homedir"
 	"github.com/docker/docker/pkg/pidfile"
 	"github.com/docker/docker/pkg/plugingetter"
-	"github.com/docker/docker/pkg/rootless"
 	"github.com/docker/go-connections/tlsconfig"
 	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/util/tracing/detect"
diff --git a/daemon/command/docker.go b/daemon/command/docker.go
index 15f9863f1d..24f3598fb9 100644
--- a/daemon/command/docker.go
+++ b/daemon/command/docker.go
@@ -7,8 +7,8 @@ import (
 
 	"github.com/containerd/log"
 	"github.com/docker/docker/daemon/config"
+	"github.com/docker/docker/daemon/internal/rootless"
 	"github.com/docker/docker/dockerversion"
-	"github.com/docker/docker/pkg/rootless"
 	"github.com/moby/buildkit/util/apicaps"
 	"github.com/spf13/cobra"
 )
diff --git a/daemon/config/config_linux.go b/daemon/config/config_linux.go
index 139d9a62a8..c4aaa26494 100644
--- a/daemon/config/config_linux.go
+++ b/daemon/config/config_linux.go
@@ -11,10 +11,10 @@ import (
 
 	"github.com/containerd/cgroups/v3"
 	"github.com/containerd/log"
+	"github.com/docker/docker/daemon/internal/rootless"
 	"github.com/docker/docker/daemon/libnetwork/drivers/bridge"
 	"github.com/docker/docker/daemon/pkg/opts"
 	"github.com/docker/docker/pkg/homedir"
-	"github.com/docker/docker/pkg/rootless"
 	"github.com/moby/moby/api/types/container"
 	"github.com/moby/moby/api/types/system"
 	"github.com/pkg/errors"
diff --git a/daemon/info_unix.go b/daemon/info_unix.go
index 1732da47cf..dafc816ef7 100644
--- a/daemon/info_unix.go
+++ b/daemon/info_unix.go
@@ -14,7 +14,7 @@ import (
 	runcoptions "github.com/containerd/containerd/api/types/runc/options"
 	"github.com/containerd/log"
 	"github.com/docker/docker/daemon/config"
-	"github.com/docker/docker/pkg/rootless"
+	"github.com/docker/docker/daemon/internal/rootless"
 	"github.com/docker/docker/pkg/sysinfo"
 	"github.com/moby/moby/api/types"
 	containertypes "github.com/moby/moby/api/types/container"
diff --git a/pkg/rootless/rootless.go b/daemon/internal/rootless/rootless.go
similarity index 100%
rename from pkg/rootless/rootless.go
rename to daemon/internal/rootless/rootless.go
diff --git a/daemon/libnetwork/iptables/iptables.go b/daemon/libnetwork/iptables/iptables.go
index ecb10e86f1..20e856984a 100644
--- a/daemon/libnetwork/iptables/iptables.go
+++ b/daemon/libnetwork/iptables/iptables.go
@@ -16,7 +16,7 @@ import (
 	"time"
 
 	"github.com/containerd/log"
-	"github.com/docker/docker/pkg/rootless"
+	"github.com/docker/docker/daemon/internal/rootless"
 )
 
 // Action signifies the iptable action.
diff --git a/pkg/plugins/discovery_unix.go b/pkg/plugins/discovery_unix.go
index 8a0d96d18e..18a251113c 100644
--- a/pkg/plugins/discovery_unix.go
+++ b/pkg/plugins/discovery_unix.go
@@ -3,10 +3,10 @@
 package plugins
 
 import (
+	"os"
 	"path/filepath"
 
 	"github.com/docker/docker/pkg/homedir"
-	"github.com/docker/docker/pkg/rootless"
 )
 
 func rootlessConfigPluginsPath() string {
@@ -25,7 +25,8 @@ func rootlessLibPluginsPath() string {
 
 // specsPaths is the non-Windows implementation of [SpecsPaths].
 func specsPaths() []string {
-	if rootless.RunningWithRootlessKit() {
+	// TODO(thaJeztah): switch back to daemon/internal/rootless.RunningWithRootlessKit if this package moves internal to the daemon.
+	if os.Getenv("ROOTLESSKIT_STATE_DIR") != "" {
 		return []string{rootlessConfigPluginsPath(), rootlessLibPluginsPath()}
 	}
 	return []string{"/etc/docker/plugins", "/usr/lib/docker/plugins"}